Berliner Boersenzeitung - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the encryption that SSL usually provides, Knockel wrote.
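
How an auditor might check for the two weaknesses described above, as an added Python example that is not taken from the Citizen Lab report or the app. The endpoint URLs are constructed, and Python's standard `ssl` module stands in for the app's own networking code, which the article does not show.

```python
import ssl
from urllib.parse import urlsplit

# Constructed endpoints for illustration; not taken from the app or the report.
ENDPOINTS = [
    "https://health.example.test/upload",
    "http://media.example.test/voice",
]

def unauthenticated_context():
    """Weak setting: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # server certificate is never validated
    return ctx

def hardened_context():
    """Corrected setting: chain validation and hostname matching both on."""
    return ssl.create_default_context()

def context_findings(ctx):
    """List the reasons this client context would not authenticate a server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    return findings

def audit_endpoints(urls, ctx):
    """Map each endpoint URL to the transport weaknesses that apply to it."""
    tls_findings = context_findings(ctx)
    report = {}
    for url in urls:
        if urlsplit(url).scheme.lower() == "https":
            report[url] = list(tls_findings)
        else:
            report[url] = ["sent without TLS encryption"]
    return report

if __name__ == "__main__":
    for label, ctx in (("weak", unauthenticated_context()),
                       ("hardened", hardened_context())):
        print(label)
        for url, findings in audit_endpoints(ENDPOINTS, ctx).items():
            print("  ", url, "->", findings or "ok")
```

A hardened TLS context does nothing for the plain-HTTP endpoint, which is why the audit checks the URL scheme as well as the certificate settings.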

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

(T.Burkhard--BBZ)